0001 // SPDX-License-Identifier: GPL-2.0-only
0002 ///
0003 /// Use kfree_sensitive, kvfree_sensitive rather than memset or
0004 /// memzero_explicit followed by kfree.
0005 ///
0006 // Confidence: High
0007 // Copyright: (C) 2020 Denis Efremov ISPRAS
0008 // Options: --no-includes --include-headers
0009 //
0010 // Keywords: kfree_sensitive, kvfree_sensitive
0011 //
0012 
// Virtual rule names: the operating mode is selected by defining one of them
// when spatch is invoked. In this file `patch` enables the two rewriting
// rules, `report` and `org` choose the output format of the warning, and
// every mode other than `patch` (including `context`) runs matching rule `r`.
0013 virtual context
0014 virtual patch
0015 virtual org
0016 virtual report
0017 
@initialize:python@
@@
# Names for which a zeroing call followed by a free must not be reported.
# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds access;
# kfree_sensitive and kvfree_sensitive are listed as well.
filter = frozenset((
    'kmalloc_oob_in_memset',
    'kfree_sensitive',
    'kvfree_sensitive',
))


def relevant(p):
    """Return True when no position in p has a current_element listed in filter.

    p is the list of positions bound to a `position` metavariable; the rules
    below use this as a constraint, so a False result discards the match.
    """
    return filter.isdisjoint(pos.current_element for pos in p)
0026 
0027 @cond@
0028 position ok;
0029 @@
// Helper rule: binds `ok` to every memset/memzero_explicit call that is the
// direct branch of an `if`. The later rules declare `position m != cond.ok`,
// so a zeroing call that only runs conditionally is never taken as the start
// of a "clear, then free" match.
0030 
0031 if (...)
0032   \(memset@ok\|memzero_explicit@ok\)(...);
0033 
// Detection rule, active in every mode except `patch`. It matches a
// memset(..., 0, ...) or a memzero_explicit() on E (the pattern is written
// with a cast, `(T)E`), followed by kfree/vfree/kvfree of the same E with no
// use of E in between (`when != E`).
// Position p (the free) is discarded when relevant(p) is false, and position
// m (the zeroing call) must not be one bound by cond.ok.
// NOTE(review): `forall` and `when strict` tighten the path condition,
// presumably so that every control-flow path from the zeroing call has to
// reach the free -- confirm against the Coccinelle documentation.
// The `*` lines are the ones highlighted in the output.
// Code that clears a buffer immediately before freeing it is treating the
// contents as sensitive; the *_sensitive helpers express that in one call, so
// the clearing cannot be separated from the free by a later edit.
0034 @r depends on !patch forall@
0035 expression E;
0036 position p : script:python() { relevant(p) };
0037 position m != cond.ok;
0038 type T;
0039 @@
0040 
0041 (
0042 * memset@m((T)E, 0, ...);
0043 |
0044 * memzero_explicit@m((T)E, ...);
0045 )
0046   ... when != E
0047       when strict
0048 * \(kfree\|vfree\|kvfree\)(E)@p;
0049 
// Patch-mode rewrite for memzero_explicit(E, size): removes the zeroing call
// and turns the following free of the same E into kfree_sensitive(E) (after
// kfree) or kvfree_sensitive(E, size) (after vfree/kvfree). The `when != E`,
// `when strict`, relevant(p) and cond.ok constraints are the same as in rule
// r; the header carries no `forall`.
// NOTE(review): kvfree_sensitive() receives the `size` of the removed call, so
// a call that cleared only part of the buffer keeps that partial coverage,
// while kfree_sensitive() is given no length at all. Check each generated
// hunk against how much of the object actually holds sensitive data.
0050 @rp_memzero depends on patch@
0051 expression E, size;
0052 position p : script:python() { relevant(p) };
0053 position m != cond.ok;
0054 type T;
0055 @@
0056 
0057 - memzero_explicit@m((T)E, size);
0058   ... when != E
0059       when strict
0060 (
0061 - kfree(E)@p;
0062 + kfree_sensitive(E);
0063 |
0064 - \(vfree\|kvfree\)(E)@p;
0065 + kvfree_sensitive(E, size);
0066 )
0067 
// Patch-mode rewrite for memset(E, 0, size): same transformation as for
// memzero_explicit, applied only when the fill value is the literal 0. The
// memset is removed and the following kfree(E) becomes kfree_sensitive(E), or
// vfree/kvfree(E) becomes kvfree_sensitive(E, size), provided E is not used in
// between, relevant(p) holds and the memset is not a position bound by cond.ok.
// NOTE(review): the `size` passed on to kvfree_sensitive() is whatever the
// removed memset used; if that was shorter than the buffer, the rest is still
// freed uncleared. kfree_sensitive() is given no length. Review each hunk
// rather than applying the output blindly.
0068 @rp_memset depends on patch@
0069 expression E, size;
0070 position p : script:python() { relevant(p) };
0071 position m != cond.ok;
0072 type T;
0073 @@
0074 
0075 - memset@m((T)E, 0, size);
0076   ... when != E
0077       when strict
0078 (
0079 - kfree(E)@p;
0080 + kfree_sensitive(E);
0081 |
0082 - \(vfree\|kvfree\)(E)@p;
0083 + kvfree_sensitive(E, size);
0084 )
0085 
@script:python depends on report@
p << r.p;
m << r.m;
@@

# Report mode: emit one warning at the free call (p) and cite the line of the
# zeroing call (m) matched by rule r. The text says "memset" even when the
# matched call was memzero_explicit.
template = "WARNING opportunity for kfree_sensitive/kvfree_sensitive (memset at line %s)"
free_pos, zero_pos = p[0], m[0]
coccilib.report.print_report(free_pos, template % (zero_pos.line))
0093 
@script:python depends on org@
p << r.p;
m << r.m;
@@

# Org mode: emit the same warning as a TODO entry at the free call (p), citing
# the line of the zeroing call (m) matched by rule r. The text says "memset"
# even when the matched call was memzero_explicit.
template = "WARNING opportunity for kfree_sensitive/kvfree_sensitive (memset at line %s)"
free_pos, zero_pos = p[0], m[0]
coccilib.org.print_todo(free_pos, template % (zero_pos.line))